SEP 12.1 - Limited Administrators Can Access New Groups
I manage a global deployment of SEP 12.1. I've got a single Symantec domain and then 4 main groups under that domain. The 4 main groups correspond to geographical areas like North America, Europe, Asia Pacific, etc. Under each of the main groups I have many sub-groups which correspond to the cities I support.
My problem is that I create a limited administrator for a city (group), and adjust access to prevent that administrator from accessing any other groups. That works fine until I create a new city group. The console for some reason grants previous administrators access to new groups automatically. This results in me having to go through and edit 80 or more limited administrator accounts every time I add a new city group.
I'm not sure who at Symantec thought this was a good idea, but it isn't. If I grant specific granular access to a limited administrator then I don't ever want their access to increase unless I specifically increase it. They should NEVER get access to my new groups unless I specifically grant them access to my new groups.
I've read other forum posts saying this is resolved in 12.1, but it isn't. What can be done to correct this insecure behavior in the Symantec Console?